PT-2014-3508 · Openstack · Openstack Image Registry/Delivery Service

Paul Mcmillan

Publicado

2014-04-27

Atualizado

2023-02-13

CVE-2014-0162

CVSS v2.0

6.0

Média

Vetor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4 OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2

Description The issue allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

Recommendations For OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4, update to version 2013.2.4 or later. For OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2, update to version icehouse-rc2 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2014-0162

GHSA-R7PJ-RVWG-VXHR

RHSA-2014:0455

USN-2193-1

Produtos afetados

Openstack Image Registry/Delivery Service

PT-2014-3508 · Openstack · Openstack Image Registry/Delivery Service

CVE-2014-0162

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17